10
CVE-2021-38759
- EPSS 15.67%
- Veröffentlicht 07.12.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:18:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginRaspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Raspberrypi ≫ Raspberry Pi Os Lite Version <= 5.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.67% | 0.964 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password